Piranha doesn't really care how your users get authenticated, whether they are the end users of your application or the administrators accessing the manager interface. Instead, by default Piranha uses a claims-based security model to check what the current user has access to. If you wish to use an alternative, such as role-based authorization, you can provide a delegate via the overloaded IServiceCollection.AddPiranhaManager() method in your Startup.cs file:
// "services" is the IServiceCollection passed to ConfigureServices in Startup.cs
services.AddPiranhaManager((permission, options) =>
{
    switch (permission)
    {
        // For managing visitor comments, membership of the CommentModerator
        // role (or the Administrator role) is required
        case Permission.Comments:
        case Permission.CommentsApprove:
        case Permission.CommentsDelete:
            options.RequireRole("CommentModerator", "Administrator");
            break;
        // All other policies/permissions require membership of the Administrator role
        default:
            options.RequireRole("Administrator");
            break;
    }
});
We provide two different packages for handling authentication, one for development and one for production scenarios.
To read more about how to implement custom authentication services for your application, please refer to Authentication under the Extensions section.
Besides the claims used by the default pages in the manager interface, you can add custom claims for your application, both for custom manager pages and for securing pages in your application.
The application claims you add will be available when you edit and set up Roles in the manager if you're using the Identity package. These claims will also be available in the settings for your Pages & Posts and can be used for securing certain instances of your content. This should be added in your Startup.cs.
App.Permissions["Application"].Add(new Piranha.Security.PermissionItem
{
    Name = "WebUser",
    Title = "Web User"
});
The first name is the main category you want to group your permissions in and can be anything you like. In this example we've chosen the name "Application".
Manager claims work in the same way as application claims; the only difference is that you set the property IsInternal to true. By doing this they are not shown when specifying permissions for your public pages & posts and should only be used when validating if the current manager should have access to something in the manager interface.
App.Permissions["Manager"].Add(new Piranha.Security.PermissionItem
{
    Category = "My Manager Feature",
    Name = "EditStuff",
    Title = "Edit Stuff",
    IsInternal = true
});
App.Permissions["Manager"].Add(new Piranha.Security.PermissionItem
{
    Category = "My Manager Feature",
    Name = "DeleteStuff",
    Title = "Delete Stuff",
    IsInternal = true
});
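One way to validate the manager claims registered above on a custom manager page, as an added example that is not part of the Piranha documentation or code base. It uses only standard ASP.NET Core authorization APIs and assumes the signed-in manager carries one claim per granted permission whose claim type equals the PermissionItem Name; the policy names, the IStuffStore interface, the controller and its routes are hypothetical.

```csharp
using System;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.DependencyInjection;

public static class MyManagerFeaturePolicies
{
    // Hypothetical policy names, kept distinct from the claim names themselves.
    public const string Edit = "MyManagerFeature.Edit";
    public const string Delete = "MyManagerFeature.Delete";

    // Call from ConfigureServices in Startup.cs: services.AddMyManagerFeaturePolicies();
    public static IServiceCollection AddMyManagerFeaturePolicies(this IServiceCollection services)
    {
        services.AddAuthorization(o =>
        {
            // Assumption: claim type == PermissionItem.Name. PiranhaAdmin (access to
            // the manager interface) is required alongside each custom claim.
            o.AddPolicy(Edit, p => p.RequireClaim("PiranhaAdmin").RequireClaim("EditStuff"));
            o.AddPolicy(Delete, p => p.RequireClaim("PiranhaAdmin").RequireClaim("DeleteStuff"));
        });
        return services;
    }
}

// Hypothetical application service that owns the data being managed.
public interface IStuffStore
{
    bool Exists(Guid id);
    void Delete(Guid id);
}

[Route("manager/stuff")]
[Authorize(Policy = MyManagerFeaturePolicies.Edit)]   // every action needs EditStuff
public class StuffController : Controller
{
    private readonly IStuffStore _store;
    public StuffController(IStuffStore store) => _store = store;

    [HttpGet("{id:guid}")]
    public IActionResult Get(Guid id) => _store.Exists(id) ? Ok(id) : (IActionResult)NotFound();

    [HttpPost("{id:guid}/delete")]
    [Authorize(Policy = MyManagerFeaturePolicies.Delete)] // evaluated in addition to the class-level policy
    public IActionResult Delete(Guid id)
    {
        if (!_store.Exists(id)) return NotFound();
        _store.Delete(id);
        return NoContent();
    }
}
```

Because the class-level and action-level attributes are both evaluated, a manager holding only EditStuff can read items but receives a 403 on the delete route.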
The core Piranha application has two Claims that are used when trying to preview unpublished content.
PiranhaPagePreview
PiranhaPostPreview
The following claims define the different actions the logged-in user can perform in the manager interface. To assign these claims to different users, you set up Roles which have access to different Claims. A user can have several roles.
PiranhaAdmin: If the user has access to the manager interface
PiranhaAliases: If the user can view the alias page
PiranhaAliasesDelete: If the user can delete existing aliases
PiranhaAliasesEdit: If the user can add and edit existing aliases
PiranhaConfig: If the user can view the config page
PiranhaConfigEdit: If the user can update config settings
PiranhaMedia: If the user can view the media page
PiranhaMediaAdd: If the user can upload new media
PiranhaMediaDelete: If the user can delete existing media
PiranhaMediaEdit: If the user can update existing media
PiranhaMediaAddFolder: If the user can add new folders in the media library
PiranhaMediaDeleteFolder: If the user can delete existing media folders
PiranhaPages: If the user can view the page structure
PiranhaPagesAdd: If the user can add new pages
PiranhaPagesDelete: If the user can delete existing pages
PiranhaPagesEdit: If the user can view the page details
PiranhaPagesPublish: If the user can publish and unpublish pages
PiranhaPagesSave: If the user can update existing pages
PiranhaPosts: If the user can view posts
PiranhaPostsAdd: If the user can add new posts
PiranhaPostsDelete: If the user can delete existing posts
PiranhaPostsEdit: If the user can view the post details
PiranhaPostsPublish: If the user can publish and unpublish posts
PiranhaPostsSave: If the user can update existing posts
PiranhaSites: If the user can view the site page
PiranhaSitesAdd: If the user can add new sites
PiranhaSitesDelete: If the user can delete existing sites
PiranhaSitesEdit: If the user can view site details
PiranhaSitesSave: If the user can update existing sites